I'm running Messaging Server 7u4-21.01 and as described in the subject i need to limit the number of messages sent by user per period (for example 100 messages per hour ).
Cause of many things such as too simple passwords and client pc virus we are generating to much outgoing SPAM even from mail clients and Webmail that our anti-spam appliance is not able to recognize.
Customer need to send messages on behalf of another user, so i can't check mail from to exist and to match with auth user.
In our enviroment mail to our MTA are sent by clients such as outlook or thunderbird trough smtp proxy (mmp) so the incoming IP is always the same.
Is there a way to apply Meter Maid configuration to AUTH_REWRITE mapping table so to limit connection per authenticated user in order to block an account that send to much messages?
I've already read that doc but what i need is something different because i need to limit also users who send mail with from address (envelope or header address) different from the account one.
I would like to replicate the same check under AUTH_REWRITE mapping table in order to apply the limit per auth userid.
I'm trying to write the correct check string but i can't find out the correct syntax to use right now.
At the moment i have:
BASE|*|*|* $C$[opt/sun/comms7u1/messaging64/lib/check_metermaid.so,throttle,ext_throttle,$2]$NExcessive$ email$ sent$ -$ Please$ try$ again$ later$E
It works, but if the spammer omit the "from:" field the above rule doesn't work
I have tcp_auth with "authrewrite 3" (just 3 and 4 are the correct values for authrewrite to let system read AUTH_REWRITE mapping table)
Finally i added
to FROM ACCESS table to rewrite the correct from (envelope from) in case of mismatch.
Now it seems to work fine.